Senior Fusion Analyst
General Dynamics Information Technology
-Discover, attribute, and identify state sponsored Cyber threats (Track, trend and use predictive analysisbased off Targeting and past TTPs)-Identify Tactics, Techniques, and Procedures of Advanced Persistent Threat (APT) to includeinfrastructure, tools, phishing emails and malware-Document TTP changes and trends of cyber threats-Identify targeting lists used by threat actors (public websites, group membership lists, Conference lists,contract announcements and other sources used for targeting)-Find trends and common relationships (Job, Program, professional membership, common technology,common locations and company’s) in recipients targeted by APT to identify targeting (better view of bigpicture / strategic as opposed to tactical)-Create, edit, and review written reports detailing state sponsored cyber events-Create presentations and brief senior Government and contract personnel-Analyze raw data such as PCAP, True Detect sensor logs, and email headers (Mime and SMTP) toidentify malicious traffic.-Identify originating IP addresses used to send phishing emails (mail relays are often used to hide the truesending IP) and track for trends in APT infrastructure and identify IP origins (location, registrant, ASN, ect)-Conduct Splunk queries, Monitor ArcSight channels (create rules and filters) via the ArcSight EnterpriseSecurity Manager-Submit incident reports to multiple government agencies and collaborate and share information withCDC partners-Participate in Technical forums and exchanges regarding state sponsored actors-Conduct basic malware analysis (dynamic) using tools such as CaptureBat, WireShark, Sysinternals andother dynamic analysis tools.-Identify files dropped, Remote Access Tools (PIVY, SharK Rat, and other custom Rats) used by threatcampaigns-Identify unique attributes in backdoors used by threat actors and provide indicators to defenders